无完全可信PKG身份签名的分层CES方案

针对管理型SaaS应用整体签批分层处理业务中隐私保护的需求,提出了一种无完全可信私钥生成中心（private key generator,PKG）身份签名的分层内容摘录签名（content extraction signature,CES）方案。采用分层摘录策略控制分片和签名摘录,基于身份签名克服了公钥基础设施证书管理复杂的问题,由租户和服务提供商的PKG独立生成用户私钥分量,在一定程度上克服了无完全可信PKG问题。分析表明,该方案具有用户私钥的私密性、CES的隐私性和不可伪造性,可推广应用于在线办公、在线图书销售等方面。

Scheme of hierarchical content extraction signature based on non-credible PKG identity-based signature

To meet the requirement of privacy protection in doing hierarchical business after signing the whole one in management-type software as a service application,a scheme of hierarchical content extraction signature was proposed based on the identity-based signature of non-credible private key generator.The extraction of both fragment and signature was in control by the hierarchical extraction policy.The complexity of certificate in public key infrastructure was avoided based on the identity-based signature.In some extent,the non-credible private key generator problem was weakened whose part independently generated by service provider and tenant.The analyzing results show that the scheme has the specialties of user’s private key’s privacy,un-forge and privacy of CES.It can be applied to online office and book sale.